File source-check-sandbox.patch of Package vim.18902
Index: vim-8.0.1568/src/getchar.c
===================================================================
--- vim-8.0.1568.orig/src/getchar.c
+++ vim-8.0.1568/src/getchar.c
@@ -1418,6 +1418,12 @@ openscript(
 	EMSG(_(e_nesting));
 	return;
     }
+
+    // Disallow sourcing a file in the sandbox, the commands would be executed
+    // later, possibly outside of the sandbox.
+    if (check_secure())
+      return;
+
 #ifdef FEAT_EVAL
     if (ignore_script)
 	/* Not reading from script, also don't open one.  Warning message? */